Overview

As a developer of secure code, you must add vulnerability assessment to your code-review practice. The code you write within a web application framework may be only a small percentage of the overall application code base; most of the code that is compiled or interpreted for execution lives in libraries your web application depends on. A known vulnerability in any of those libraries is a dependency vulnerability in your application.

In this assignment, you’ll have an opportunity to be proactive in DevSecOps! You’ll find potential security vulnerabilities using OWASP Dependency-Check, an open-source scanner that reports the vulnerabilities publicly known in the libraries of your code base. You can then adjust your use of those libraries based on the dependency-check report. Running the dependency-check process is a recommended part of DevSecOps. You have already used the dependency check in its default configuration; now you’ll look at the configuration options that suppress the reporting of false positives.

Directions

In this assignment, you’ll alter the current OWASP dependency check so that it suppresses false-positive reporting. To do so, you’ll create a suppression.xml file and revise the pom.xml file of your software application. This revision changes the configuration of the dependency check in Maven so that it points to the suppression.xml file.

Specifically, you must address the following rubric criteria:

  1. Static Testing: Using the code base provided in the Supporting Materials section, edit the pom.xml file to integrate the Maven dependency check.
    1. You may want to look at the Integrating the Maven Dependency-Check Plug-in Tutorial. Then run a dependency check and document the known vulnerabilities. Submit the HTML dependency-check report with the known vulnerabilities found.
    2. A dependency check will also report false-positive vulnerabilities, and it is important that you understand them. You’ve been told that you cannot implement a fix at this time for the vulnerabilities you found because no solution currently exists. However, you don’t want this warning to keep appearing for the community of developers who will test the security of this code base.
  2. Reconfiguration: Sometimes you have to live with an error until there is a fix for it. You must reconfigure the dependency-check tool to stop the alarms for false positives by creating a suppression.xml file and revising the pom.xml file to alter the tool’s configuration. Altering it hides the false positives. Please note: the false positives are still there; they just won’t show up on the dependency-check report. To reconfigure the dependency-check tool, complete the following steps:
    1. Open the dependency report HTML file in a web browser.
    2. Click the suppress button next to the found vulnerability and copy the complete XML doc it shows (see the example below).
    3. Navigate back to the code base project in Eclipse and create a file called suppression.xml in the same directory as the pom.xml file.
    4. Add the contents you copied in step 2 to the suppression.xml file you created.
    5. Edit the pom.xml file and add the following in the configuration section of the OWASP check:

      <suppressionFiles>
        <suppressionFile>suppression.xml</suppressionFile>
      </suppressionFiles>

  3. Verification: Finally, use Maven Run As to run the dependency check again to verify that all dependencies are valid and that no false positives exist. Submit the HTML dependency-check report showing that all dependencies found are valid and that no false positives are present.
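The Static Testing and Reconfiguration steps together amount to one plug-in block in pom.xml. The following is an added example, not part of the assignment materials or of the OWASP project’s own documentation; it goes under the `<build><plugins>` section of pom.xml. The plug-in version is an assumption (use the current release), and the failBuildOnCVSS threshold is a choice made for this example.

```xml
<!-- Added example (not from the assignment materials): the OWASP
     dependency-check plug-in block for <build><plugins> in pom.xml.
     The version below is an assumption; use the current release. -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>8.4.3</version>
  <configuration>
    <!-- Reconfiguration step 5: point the scanner at the suppression
         file that sits next to pom.xml. -->
    <suppressionFiles>
      <suppressionFile>suppression.xml</suppressionFile>
    </suppressionFiles>
    <!-- Fail the build on any unsuppressed finding with a CVSS score of
         7.0 or higher, so a new high-severity dependency vulnerability
         cannot slip through unnoticed (threshold chosen for this example). -->
    <failBuildOnCVSS>7</failBuildOnCVSS>
    <!-- HTML is the report format the assignment asks you to submit. -->
    <format>HTML</format>
  </configuration>
  <executions>
    <execution>
      <goals>
        <!-- 'check' runs the scan, writes the report to
             target/dependency-check-report.html and applies failBuildOnCVSS. -->
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>
```

Run it with `mvn dependency-check:check` (or Maven Run As in Eclipse with that goal). Before the suppression file exists, the report lists every finding, including the false positives; after Reconfiguration steps 3 and 4, the same command produces the “after” report you submit for Verification. Keeping failBuildOnCVSS set means that suppressing a false positive does not also silence genuine future findings in other libraries.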

In addition to the dependency-check reports, be certain to zip the project folder in Eclipse and submit the refactored code, including suppression.xml and the revised pom.xml file.
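The suppression.xml file the Reconfiguration steps ask you to create takes the shape below. This is an added example, not the page’s own file: the artifact coordinates, the CVE identifier and the expiry date are placeholders, and in practice you paste the rule that the report’s suppress button generates. The example adds two things a practitioner would want that the generated rule does not include: a note recording why the finding is a false positive, and an expiry date so the suppression is revisited rather than hidden for good.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not the assignment's own file). The package URL, the CVE
     id and the date are placeholders; replace them with the rule copied from
     the report's suppress button. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <!-- 'until' makes the suppression expire: on that date the finding shows
       up again, so the "no fix exists yet" decision is re-checked instead of
       being forgotten. -->
  <suppress until="2025-12-31Z">
    <notes><![CDATA[
      False positive: the vulnerability does not apply to this artifact
      (placeholder explanation; record the real reason here).
      Reviewed by REVIEWER_NAME on REVIEW_DATE.
    ]]></notes>
    <!-- Match only this artifact, at any version. The anchored regex keeps
         the rule from silently covering unrelated libraries. -->
    <packageUrl regex="true">^pkg:maven/com\.example/example\-lib@.*$</packageUrl>
    <!-- Suppress only this one CVE for that artifact, not every finding. -->
    <cve>CVE-YYYY-NNNNN</cve>
  </suppress>
</suppressions>
```

Scope each rule as narrowly as the report allows: one artifact and one CVE (or one vulnerability name) per `<suppress>` element. A rule that drops the `<cve>` element would hide every current and future finding for that library, which is exactly the warning signal the assignment wants preserved for genuine vulnerabilities.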

What to Submit

Submit (1) your refactored code (which includes the suppression.xml file you created and the pom.xml file you revised) and (2) your text submission that includes the HTML link for the dependency-check report before reconfiguration and the HTML link for the new dependency-check report after the reconfiguration, with no false positives shown. Note: Remember to submit the before and after files. Sources should be cited according to APA style.

Supporting Materials

The following resource supports your work on this assignment:
